Level 45

The Ryuk ransomware is most likely the creation of Russian financially-motivated cyber-criminals, and not North Korean state-sponsored hackers, according to reports published this week by four cyber-security firms --Crowdstrike, FireEye, Kryptos Logic, and McAfee.

However, evidence suggests that the ransomware was created by a criminal group that Crowdstrike calls Grim Spider, who appears to have bought a version of the Hermes ransomware from a hacking forum, and modified it to their own requirements into what now is known as the Ryuk ransomware.

The confusion comes from the fact that North Korean state hackers deployed a version of the Hermes ransomware on the network of the Far Eastern International Bank (FEIB) in Taiwan after carrying out a hack in October 2017.

Researchers believe North Korean hackers bought the same Hermes ransomware kit from hacking forums, like the Grim Spider group, and deployed it on the bank's network as a distraction and to cover the tracks of their cyber-heist, and that there is no connection between the Pyongyang regime's hackers and the Ryuk ransomware strain.

We use cookies to improve your browsing experience on our site, show personalized content and targeted ads, analyze site traffic, and understand where our audience is coming from.
By continuing to use this site, you are consenting to our use of cookies.